[cap-talk] controversial article

Matej Kosik kosik at fiit.stuba.sk
Thu Jul 2 08:03:09 EDT 2009


Hello,

Most of us here are probably obsessed with something more or less
related to capabilities guarded:

1. either cryptographically
2. or by OS
3. or by the language.

Each kind is strong in a different domain. All are important but I am
playing with the third kind.

Mark's thesis formulates the object-capability security model that is
supported by existing object-capability programming languages. Mark's
thesis (as well as other texts) also defines the following concepts:
- defensive consistency
- defensive correctness

I hope that it is correct to say that all object-capability programming
languages can be used for creating software systems that are defensively
consistent but none of these languages (or platforms) can be used for
creating defensively correct software systems. (?)

What about defensive correctness?
Are there platforms that can be used for building defensively correct
software systems? (distributed or at least non-distributed).

I may be wrong but I assume that the answer is no. In my winter
experiments I was trying to figure out what is wrong with a particular
object-capability programming language (Pict) that prevents me from using
it for creating defensively correct software systems. The problems and
the solution are sketched in this article:

http://altair.sk/mediawiki/upload/2/2d/Sofsem2010.pdf

There are 5 days to the deadline. I would be grateful for any good soul
that would help me to improve it. It is the first version of the
complete article. To make the article passable, this version avoids as
much as possible discussing a particular weird programming language
(Pict) but tries to generalize it to any system of processes that
communicate by asynchronous message passing (provided either by the OS or
directly by the language constructs or by some library). A significant
part of the article is devoted to the (unusual) context and my own work
is there sketched to give the reader the idea of what was done. The basic
idea is quite trivial (non-trivial or too particular details are omitted).

I see the following things that should be checked:
- do I define basic concepts consistently with you? (Sections 1--4)
- Section `related work' is weak --- are there platforms that can be
  used for creating defensively correct software systems?

Those who would like to help can directly make notes to the RTF version:

http://altair.sk/uploads/tmp/Sofsem2010.rtf

and I can then merge them.

(There is probably also a pile of other errors.)

Thanks in advance for any help.
